100644 275 lines (230 sloc) 11.175 kB
4775e82 # more line-ending properties
ts77 authored
1 <?php
b7eee56 # Added copyright notices to Phorum files
mmakaay authored
2
4775e82 # more line-ending properties
ts77 authored
3 ////////////////////////////////////////////////////////////////////////////////
4 // //
253986c # Updated copyright notices to 2007
mmakaay authored
5 // Copyright (C) 2007 Phorum Development Team //
4775e82 # more line-ending properties
ts77 authored
6 // http://www.phorum.org //
7 // //
8 // This program is free software. You can redistribute it and/or modify //
9 // it under the terms of either the current Phorum License (viewable at //
10 // phorum.org) or the Phorum License that was distributed with this file //
11 // //
12 // This program is distributed in the hope that it will be useful, //
13 // but WITHOUT ANY WARRANTY, without even the implied warranty of //
14 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
15 // //
16 // You should have received a copy of the Phorum License //
17 // along with this program. //
18 ////////////////////////////////////////////////////////////////////////////////
// Name this page before the core is loaded (presumably read by common.php;
// its use is not visible in this file).
define('phorum_page', 'control');

include_once "./common.php";

// Access gate 1: delegate to the core's login requirement.
phorum_require_login();

include_once "./include/email_functions.php";
include_once "./include/format_functions.php";

include_once "./include/api/base.php";
include_once "./include/api/user.php";

define("PHORUM_CONTROL_CENTER", 1);

// Access gate 2: a user has to be logged in to use his control-center.
// The explicit exit() guarantees that nothing below runs for an anonymous
// visitor, whatever phorum_redirect_by_url() itself does.
if (!$PHORUM["DATA"]["LOGGEDIN"]) {
    phorum_redirect_by_url(phorum_get_url(PHORUM_LIST_URL));
    exit();
}

// Access gate 3: if the user is not fully logged in, send him to the login
// page, with the control center as the return target. The page history
// for this check describes it as a security feature that makes users
// confirm their login.
if (!$PHORUM["DATA"]["FULLY_LOGGEDIN"]) {
    phorum_redirect_by_url(
        phorum_get_url(PHORUM_LOGIN_URL, "redir=" . PHORUM_CONTROLCENTER_URL)
    );
    exit();
}

// Explicitly initialise every variable that a panel include file may set
// and that is later copied into template data or used to pick a template.
// Starting from known values means they cannot arrive pre-seeded from the
// request; the page history for these lines cites an XSS fix tied to
// register_globals.
$error_msg = false;
$error     = "";
$okmsg     = "";
$template  = "";
4775e82 # more line-ending properties
ts77 authored
49
b54edef MFB: # Reformatted and cleaned up CC code and added green okay-msg
mmakaay authored
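// Generating the panel id of the page to use.
// Precedence: URL argument, then POST field, then the summary panel.
// Both request sources are user-controlled; the value is only reduced to a
// bare file name (basename) further down, right before it is used in an
// include path.
if (isset($PHORUM['args']['panel'])) {
    $panel = $PHORUM['args']['panel'];
} elseif (isset($_POST["panel"])) {
    $panel = $_POST["panel"];
} else {
    $panel = PHORUM_CC_SUMMARY;
}

// A request field can also arrive as an array (e.g. a field named
// "panel[]"). Such a value is never a valid panel id and would break the
// string handling below, so it is treated the same as "no panel given".
if (!is_scalar($panel)) {
    $panel = PHORUM_CC_SUMMARY;
}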
60
65a9dd1 # change urls in template to new standard. fixed pm read style. othe…
brian authored
61
b54edef MFB: # Reformatted and cleaned up CC code and added green okay-msg
mmakaay authored
// Set all our URLs.
phorum_build_common_urls();

// Generate the control panel URLs. Each CCn slot in the template data is
// the control center URL with one fixed panel id appended; no request data
// is used to build these links.
$PHORUM['DATA']['URL']['CC0']  = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_SUMMARY);
$PHORUM['DATA']['URL']['CC1']  = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_SUBSCRIPTION_THREADS);
$PHORUM['DATA']['URL']['CC2']  = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_SUBSCRIPTION_FORUMS);
$PHORUM['DATA']['URL']['CC3']  = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_USERINFO);
$PHORUM['DATA']['URL']['CC4']  = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_SIGNATURE);
$PHORUM['DATA']['URL']['CC5']  = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_MAIL);
$PHORUM['DATA']['URL']['CC6']  = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_BOARD);
$PHORUM['DATA']['URL']['CC7']  = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_PASSWORD);
$PHORUM['DATA']['URL']['CC8']  = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_UNAPPROVED);
$PHORUM['DATA']['URL']['CC9']  = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_FILES);
$PHORUM['DATA']['URL']['CC10'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_USERS);
$PHORUM['DATA']['URL']['CC14'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_PRIVACY);
$PHORUM['DATA']['URL']['CC15'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_GROUP_MODERATION);
$PHORUM['DATA']['URL']['CC16'] = phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_GROUP_MEMBERSHIP);

// Determine if the user files functionality is available: either file
// uploads are enabled, or the active user is an administrator.
$PHORUM["DATA"]["MYFILES"] = ($PHORUM["file_uploads"] || $PHORUM["user"]["admin"]);

// Determine if the user is a moderator. These are flags in the template
// data only.
// NOTE(review): nothing in this file uses them to restrict which panel is
// loaded; confirm that each moderator panel re-checks permissions itself.
$PHORUM["DATA"]["MESSAGE_MODERATOR"] = (count(phorum_user_access_list(PHORUM_USER_ALLOW_MODERATE_MESSAGES)) > 0);
$PHORUM["DATA"]["USER_MODERATOR"]    = phorum_user_access_allowed(PHORUM_USER_ALLOW_MODERATE_USERS);
$PHORUM["DATA"]["GROUP_MODERATOR"]   = phorum_user_allow_moderate_group();
$PHORUM["DATA"]["MODERATOR"]         = (
    $PHORUM["DATA"]["USER_MODERATOR"]
    + $PHORUM["DATA"]["MESSAGE_MODERATOR"]
    + $PHORUM["DATA"]["GROUP_MODERATOR"]
) > 0;

// Show the per-user "hide my email" control only when the global
// hide_email_addr option is unset or empty (empty() covers both cases).
$PHORUM['DATA']['SHOW_EMAIL_HIDE'] = empty($PHORUM['hide_email_addr']) ? 1 : 0;

// The form action for the common form.
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_get_url(PHORUM_CONTROLCENTER_ACTION_URL);
4775e82 # more line-ending properties
ts77 authored
94
// Work on a copy of the active user's record; this copy becomes the
// PROFILE template data below.
$user = $PHORUM['user'];

// Security measures: the stored password values and the permission data
// are removed from the copy so that they never reach the template data.
unset($user["password"], $user["password_temp"], $user["permissions"]);

// HTML escape the raw signature. htmlspecialchars() is called with its
// default flags; before PHP 8.1 those leave single quotes unescaped, so the
// value is only safe in element content or double-quoted attributes.
// NOTE(review): how the templates emit it is not visible here; confirm.
$user["signature"] = htmlspecialchars($user["signature"]);

// A second variable holds the signature with standard message body
// formatting applied. Fake a message here so we can run the (already
// escaped) sig through format_message.
$fake_messages = array(
    array("author" => "", "email" => "", "subject" => "", "body" => $user["signature"]),
);
$fake_messages = phorum_format_messages($fake_messages);
$user["signature_formatted"] = $fake_messages[0]["body"];

// Initialize any custom profile fields that are not present. The
// "num_fields" bookkeeping entry and fields flagged as deleted are skipped.
if (!empty($PHORUM["PROFILE_FIELDS"])) {
    foreach ($PHORUM["PROFILE_FIELDS"] as $id => $field) {
        if ($id !== 'num_fields' && empty($field['deleted']) && !isset($user[$field['name']])) {
            $user[$field['name']] = "";
        }
    }
}

// Setup template data.
$PHORUM["DATA"]["PROFILE"] = $user;
$PHORUM["DATA"]["PROFILE"]["forum_id"] = isset($PHORUM["forum_id"]) ? $PHORUM['forum_id'] : 0;
// $panel is still the value taken from the request at this point; it is not
// escaped or validated before being stored.
// NOTE(review): confirm that templates escape PROFILE.PANEL on output.
$PHORUM["DATA"]["PROFILE"]["PANEL"] = $panel;
4775e82 # more line-ending properties
ts77 authored
123
b54edef MFB: # Reformatted and cleaned up CC code and added green okay-msg
mmakaay authored
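// Set the back-URL and -message.
// Inside a real forum (forum_id > 0 and not a folder) the back link goes to
// that forum's message list; otherwise it goes to the forum index.
// forum_id and folder_flag are tested with isset() first, matching the
// isset() checks used elsewhere in this script, so a missing entry takes the
// index branch without raising an undefined-index notice.
if (isset($PHORUM['forum_id']) && $PHORUM['forum_id'] > 0
    && (!isset($PHORUM['folder_flag']) || $PHORUM['folder_flag'] == 0)) {
    $PHORUM['DATA']['URL']['BACK'] = phorum_get_url(PHORUM_LIST_URL);
    $PHORUM['DATA']['URL']['BACKTITLE'] = $PHORUM['DATA']['LANG']['BacktoForum'];
} else {
    $PHORUM['DATA']['URL']['BACK'] = isset($PHORUM['forum_id'])
        ? phorum_get_url(PHORUM_INDEX_URL, $PHORUM['forum_id'])
        : phorum_get_url(PHORUM_INDEX_URL);
    $PHORUM['DATA']['URL']['BACKTITLE'] = $PHORUM['DATA']['LANG']['BackToForumList'];
}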
136
b54edef MFB: # Reformatted and cleaned up CC code and added green okay-msg
mmakaay authored
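// Load the include file for the current panel.
//
// $panel comes from the request, so it is constrained before it is used in
// a file path:
//  - a non-scalar value (e.g. an array-valued form field) or a value that
//    contains a NUL byte is discarded; some older PHP releases cut file
//    paths at a NUL byte, which would drop the ".php" suffix;
//  - basename() removes any directory part, so the include can only resolve
//    to a file directly inside ./include/controlcenter/.
// A value that does not match an existing panel file falls back to the
// summary panel.
// NOTE(review): any fully logged-in user can request any panel id, so
// panels meant for moderators have to check permissions themselves; those
// files are not visible here.
if (!is_scalar($panel) || strpos((string) $panel, "\0") !== false) {
    $panel = '';
}
$panel = basename((string) $panel);
if (file_exists("./include/controlcenter/$panel.php")) {
    include "./include/controlcenter/$panel.php";
} else {
    include "./include/controlcenter/summary.php";
}

// Default heading, in case the panel include did not set one.
if (empty($PHORUM["DATA"]["HEADING"])) {
    $PHORUM["DATA"]["HEADING"] = "MyProfile";
}

// unset default description
$PHORUM["DATA"]["DESCRIPTION"] = "";

// The include file can set the template we have to use for
// displaying the main part of the control panel screen
// in the $template variable.
if (!empty($template)) {
    $PHORUM['DATA']['content_template'] = $template;
}

// The include file can also set an error message to show
// in the $error variable and a success message in $okmsg.
// NOTE(review): both are passed to the template data unchanged; confirm
// that the templates escape them or that panels only assign trusted text.
if (!empty($error)) {
    $PHORUM['DATA']['ERROR'] = $error;
}
if (!empty($okmsg)) {
    $PHORUM['DATA']['OKMSG'] = $okmsg;
}

// $error_msg is possibly set from the panel include file; when it is, the
// generic message template replaces the control center index template.
$template = $error_msg ? "message" : "cc_index";

// Display the control panel page.
phorum_output($template);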
4775e82 # more line-ending properties
ts77 authored
172
b54edef MFB: # Reformatted and cleaned up CC code and added green okay-msg
mmakaay authored
173 // ============================================================================
4775e82 # more line-ending properties
ts77 authored
174
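/**
 * A common function which is used to save the userdata from the post-data.
 *
 * Only fields on an allow-list are taken from $_POST: the core fields
 * listed below plus every configured custom profile field that is not
 * flagged as deleted. The user_id is always forced to the active user, so a
 * posted user_id cannot redirect the update to another account.
 *
 * The posted values themselves are not validated or type-checked here, and
 * this function performs no request-origin (form token) or current-password
 * check. Any such checks have to happen in the calling panel code, in a
 * cc_save_user hook or in phorum_user_save(); none of these are visible in
 * this file.
 *
 * @param string $panel The panel for which to save data (not read by the
 *                      function body).
 * @return array An array containing $error and $okmsg, in that order. At
 *               most one of the two is non-empty.
 */
function phorum_controlcenter_user_save($panel)
{
    $PHORUM = $GLOBALS['PHORUM'];
    $error = "";
    $okmsg = "";

    // Setup the default userdata fields that can be changed
    // from the control panel interface. NULL marks "not submitted".
    $userdata = array(
        'signature'       => NULL,
        'hide_email'      => NULL,
        'hide_activity'   => NULL,
        'password'        => NULL,
        'password_temp'   => NULL,
        'tz_offset'       => NULL,
        'is_dst'          => NULL,
        'user_language'   => NULL,
        'threaded_list'   => NULL,
        'threaded_read'   => NULL,
        'email_notify'    => NULL,
        'show_signature'  => NULL,
        'pm_email_notify' => NULL,
        'email'           => NULL,
        'email_temp'      => NULL,
        'user_template'   => NULL,
        'moderation_email'=> NULL,
        'real_name'       => NULL,
    );

    // Add custom profile fields as acceptable fields. The list is checked
    // for emptiness first, as the page setup code does, so a forum without
    // custom fields does not trigger a foreach warning.
    // NOTE(review): field names come from the forum configuration; confirm
    // that a custom field cannot share its name with a privileged user
    // column, because it would become writable through this form.
    if (!empty($PHORUM["PROFILE_FIELDS"])) {
        foreach ($PHORUM["PROFILE_FIELDS"] as $id => $field) {
            if ($id === "num_fields" || !empty($field['deleted'])) {
                continue;
            }
            $userdata[$field["name"]] = NULL;
        }
    }

    // Update userdata with $_POST information. Keys that are not on the
    // allow-list are ignored.
    foreach ($_POST as $key => $val) {
        if (array_key_exists($key, $userdata)) {
            $userdata[$key] = $val;
        }
    }

    // Remove unused profile fields (the ones that were not submitted), so
    // that they are left untouched by the save.
    foreach (array_keys($userdata) as $key) {
        if (is_null($userdata[$key])) {
            unset($userdata[$key]);
        }
    }

    // Set static userdata. This is assigned after the $_POST copy, so the
    // target account is always the active user.
    $userdata["user_id"] = $PHORUM["user"]["user_id"];

    // Run a hook, so module writers can update and check the userdata.
    if (isset($PHORUM["hooks"]["cc_save_user"])) {
        $userdata = phorum_hook("cc_save_user", $userdata);
    }

    if (isset($userdata['error'])) {
        // The cc_save_user hook did set an error: report it and skip the
        // database update.
        $error = $userdata['error'];
        unset($userdata['error']);
    } elseif (!phorum_user_save($userdata)) {
        // Updating the user failed.
        $error = $PHORUM["DATA"]["LANG"]["ErrUserAddUpdate"];
    } else {
        // Updating the user was successful.
        $okmsg = $PHORUM["DATA"]["LANG"]["ProfileUpdatedOk"];

        // Let the userdata be reloaded.
        phorum_api_user_set_active_user(PHORUM_FORUM_SESSION, $userdata["user_id"]);

        // If a new password was set, then reset all session id(s), so
        // other computers or browsers will lose any active session that
        // they are running.
        if (!empty($userdata["password"])) {
            phorum_api_user_session_create(
                PHORUM_FORUM_SESSION,
                PHORUM_SESSID_RESET_ALL
            );
        }

        // Copy data from the updated user back into the template data.
        // Leave PANEL and forum_id alone (these are injected into the
        // userdata in the template from this script). The comparison is
        // strict so that an integer key can never be mistaken for one of
        // these two names.
        foreach ($GLOBALS["PHORUM"]["DATA"]["PROFILE"] as $key => $val) {
            if ($key === "PANEL" || $key === "forum_id") {
                continue;
            }
            $GLOBALS["PHORUM"]["DATA"]["PROFILE"][$key] =
                isset($GLOBALS["PHORUM"]["user"][$key])
                    ? $GLOBALS["PHORUM"]["user"][$key]
                    : "";
        }
    }

    return array($error, $okmsg);
}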
273
274 ?>